Anti-virus software recognizes only a portion of all known Trojans and does not recognize unknown Trojans.

Although most virus scanners detect a number of public/known Trojans, they are unable to detect UNKNOWN Trojans. This is because anti-virus software relies mainly on recognizing the "signatures" of each Trojan. Yet, because the source code of many Trojans is easily available, a more advanced hacker can create a new version of that Trojan, the signature of which NO anti-virus scanner will have.

If the person planning to attack you finds out what anti-virus software you use, for example through the automatic disclaimer added to outgoing emails by some anti-virus engines, he will then create a Trojan specifically to bypass your virus scanner engine.

Apart from failing to detect unknown Trojans, virus scanners do not detect all known Trojans either - most virus vendors do not actively seek new Trojans and research has shown that virus engines each detect a particular set of Trojans. To detect a larger percentage of known Trojans, you need to deploy multiple virus scanners; this would dramatically increase the percentage of known Trojans caught.

To effectively protect your network against Trojans, you must follow a multi-level security strategy:

  1. You need to implement gateway virus scanning and content checking at the perimeter of your network for email, HTTP and FTP - It is no good having email anti-virus protection if a user can download a Trojan from a website and infect your network.
  2. You need to implement multiple virus engines at the gateway - Although a good virus engine usually detects all known viruses, it is a fact that multiple virus engines jointly recognize many more known Trojans than a single engine.
  3. You need to quarantine/check executables entering your network via email and web/FTP at the gateway. You have to analyze what the executable might do. Fortunately there are tools available that will automate a large part of this process.

Malicious executable analysis - Trojan and executable scanner

Detecting unknown Trojans can only be done by manually reviewing the executable, or by using a Trojan and executable scanner.

The process of manually reviewing executables is a tedious and time-intensive job, and can be subject to human error. Therefore it is necessary to tackle this process intelligently and automate part of it. This is the purpose of a Trojan and executable analyzer.

An executable scanner intelligently analyses what an executable does and assigns a risk level. It disassembles the executable and detects in real time what the executable might do. It compares these actions to a database of malicious actions and then rates the risk level of the executable. This way, potentially dangerous, unknown or one-off Trojans can be detected.

The Trojan and executable scanner deals with advanced hackers who create their own versions of Trojans, the signatures of which are not known by anti-virus software.
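The rating step described above, compare what an executable might do against a database of malicious actions and assign a risk level, can be sketched as follows. This is an added example, not code from the article or from any scanner product: it reads API names from the file's printable strings instead of disassembling it, and the behaviour table, weights, thresholds and sample bytes are all constructed assumptions.

```python
import re

# Assumed "database of malicious actions": API name -> (behaviour, weight).
# The names are real Windows API imports; weights and thresholds are
# constructed for this illustration.
BEHAVIOURS = {
    b"CreateRemoteThread": ("code injection", 4),
    b"WriteProcessMemory": ("code injection", 4),
    b"SetWindowsHookExA": ("input hooking", 3),
    b"GetAsyncKeyState": ("input hooking", 3),
    b"URLDownloadToFileA": ("downloads a file", 2),
    b"RegSetValueExA": ("registry write", 1),
    b"WSAStartup": ("network use", 1),
}

def printable_strings(data, min_len=5):
    """Return runs of printable ASCII, as the `strings` utility would."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

def rate_executable(data):
    """Return (risk_level, score, behaviours) for raw executable bytes."""
    found = {}
    for text in printable_strings(data):
        for api, (behaviour, weight) in BEHAVIOURS.items():
            if api in text:
                # Count each behaviour once, at its highest weight, so two
                # APIs for the same action do not inflate the score.
                found[behaviour] = max(found.get(behaviour, 0), weight)
    score = sum(found.values())
    if score >= 6:
        level = "high"
    elif score >= 3:
        level = "medium"
    else:
        level = "low"
    return level, score, sorted(found)

# Constructed sample inputs: byte strings that mimic an import name table.
SAMPLE_SUSPECT = b"MZ\x90\x00" + b"\x00".join([
    b"KERNEL32.dll", b"WriteProcessMemory", b"CreateRemoteThread",
    b"URLDownloadToFileA", b"RegSetValueExA"]) + b"\x00"
SAMPLE_BENIGN = b"MZ\x90\x00" + b"\x00".join([
    b"KERNEL32.dll", b"GetModuleHandleA", b"ExitProcess",
    b"RegSetValueExA"]) + b"\x00"

if __name__ == "__main__":
    for name, blob in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, rate_executable(blob))
```

A packed or encrypted executable hides its import names from a string scan like this, so a low score here means "nothing seen", not "safe"; such files still need quarantine and further analysis at the gateway.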

